From 62022abc47edad4cd9f8449c0a35e45917fce723 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Thu, 20 Mar 2025 05:02:34 +0100 Subject: [PATCH] impr winpeas --- parsers/__init__.py | 0 parsers/peas2json.py | 21 +++++++++---- .../winPEAS/Info/CloudInfo/AzureInfo.cs | 31 ++++++++++++++++++- 3 files changed, 45 insertions(+), 7 deletions(-) create mode 100644 parsers/__init__.py diff --git a/parsers/__init__.py b/parsers/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/parsers/peas2json.py b/parsers/peas2json.py index 3d46f33..05ff3cf 100755 --- a/parsers/peas2json.py +++ b/parsers/peas2json.py @@ -144,7 +144,12 @@ def parse_line(line: str): }) -def main(): +def parse_peass(outputpath: str, jsonpath: str = ""): + global OUTPUT_PATH, JSON_PATH + + OUTPUT_PATH = outputpath + JSON_PATH = jsonpath + for line in open(OUTPUT_PATH, 'r', encoding="utf8").readlines(): line = line.strip() if not line or not clean_colors(line): #Remove empty lines or lines just with colors hex @@ -152,17 +157,21 @@ def main(): parse_line(line) - with open(JSON_PATH, "w") as f: - json.dump(FINAL_JSON, f) + if JSON_PATH: + with open(JSON_PATH, "w") as f: + json.dump(FINAL_JSON, f) + + else: + return FINAL_JSON # Start execution if __name__ == "__main__": try: - OUTPUT_PATH = sys.argv[1] - JSON_PATH = sys.argv[2] + outputpath = sys.argv[1] + jsonpath = sys.argv[2] + parse_peass(outputpath, jsonpath) except IndexError as err: print("Error: Please pass the peas.out file and the path to save the json\npeas2json.py ") sys.exit(1) - main() diff --git a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs index 02b8fbd..31a2af5 100644 --- a/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs 
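Review bot: `parse_peass` never resets `FINAL_JSON` before parsing, so a second call in the same process (the point of making this importable alongside the new `parsers/__init__.py`) returns the previous file's findings merged with the new ones; `FINAL_JSON` is not assigned inside the function, so it appears to be a module-level accumulator. Adding `FINAL_JSON.clear()` right after the `global` line would make each call independent (no `global` declaration is needed for an in-place clear), assuming it is a dict or list; confirm against its definition above the hunk. The context line still opens the file without a context manager; `with open(OUTPUT_PATH, 'r', encoding="utf8") as fh:` followed by `for line in fh:` would close the handle and avoid reading the whole file into memory. parse_peass's body continues into the next hunk.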
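Review bot: The `__main__` block now calls `parse_peass(outputpath, jsonpath)` inside the `try`, so any `IndexError` escaping the parser while reading the file is caught by `except IndexError` and reported as the usage message with exit code 1, hiding the real traceback. Keep only the `sys.argv` lookups guarded by moving the call into an `else:` clause: after `sys.exit(1)` add `else:` / `    parse_peass(outputpath, jsonpath)`. Separately, the function returns `FINAL_JSON` only when no JSON path is given and `None` otherwise; returning `FINAL_JSON` unconditionally after the write would give library callers a single contract.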
@@ -28,7 +28,20 @@ namespace winPEAS.Info.CloudInfo
 const string API_VERSION = "2021-12-13";
 const string CONTAINER_API_VERSION = "2019-08-01";
- // **New helper method to detect if running inside an Azure container**
+ public static bool DoesProcessExist(string processName)
+ {
+ // Return false if the process name is null or empty
+ if (string.IsNullOrEmpty(processName))
+ {
+ return false;
+ }
+
+ // Retrieve all processes matching the specified name
+ Process[] processes = Process.GetProcessesByName(processName);
+ return processes.Length > 0;
+ }
+
+ // New helper method to detect if running inside an Azure container
 private bool IsContainer()
 {
 return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")) ||
@@ -123,6 +136,22 @@ namespace winPEAS.Info.CloudInfo
 }
 }
+ string hwsRun = DoesProcessExist("HybridWorkerService") ? "Yes" : "No";
+ _endpointDataList.Add(new EndpointData()
+ {
+ EndpointName = "HybridWorkerService.exe Running",
+ Data = hwsRun,
+ IsAttackVector = true
+ });
+
+ string OSRun = DoesProcessExist("Orchestrator.Sandbox") ? "Yes" : "No";
+ _endpointDataList.Add(new EndpointData()
+ {
+ EndpointName = "Orchestrator.Sandbox.exe Running",
+ Data = OSRun,
+ IsAttackVector = true
+ });
+
 _endpointData.Add("General", _endpointDataList);
 }
 catch (Exception ex)
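Review bot: `DoesProcessExist` leaves every `Process` object returned by `Process.GetProcessesByName` undisposed; each wraps a process handle, so the helper should read the count and then release them: `bool found = processes.Length > 0;` / `foreach (Process p in processes) p.Dispose();` / `return found;`. A comment noting that `GetProcessesByName` matches the image name without `.exe` and case-insensitively would explain why callers pass `"HybridWorkerService"` while the report labels say `HybridWorkerService.exe`. If the file does not already have `using System.Diagnostics;`, the new `Process` reference will need it; the using block is outside this hunk.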
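Review bot: Both new entries set `IsAttackVector = true` unconditionally, so a host where the process is not running is flagged exactly like one where it is, if that flag is what highlights findings in the report. Compute the boolean once and derive both fields from it: `bool hwsRun = DoesProcessExist("HybridWorkerService");` then `Data = hwsRun ? "Yes" : "No",` and `IsAttackVector = hwsRun`, and the same for the Orchestrator.Sandbox entry. `OSRun` also breaks the camelCase used by `hwsRun` and the other locals; `osRun` would match. The enclosing method and its `try` block start before this hunk.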